cron.weekly issue #78: octodns, SSH, grsecurity, postal, nginx, cgroups, vim & moreApril 30, 2017 - Mattias Geniar
Welcome to cron.weekly issue #78 for Sunday, April 30th, 2017.
Lots of good links in this release again, plenty of variation to keep you entertained. Enjoy!
A bit of Unix trivia here, as the original author of the SSH protocol explains why port 22 was chosen and how it got to be approved as the official port, by IANA.
AMD seems to be really making a comeback with its Ryzen CPUs, this post looks at how it does on performance when run on a Linux system. Both single and multithreaded performance comparisons are handled.
In Linux, there’s a limit to how long a “path” can be. Since directories contain other directories, a file path could – in theory – be millions of paths deep. It’s limited via the PATH_MAX limit though, and this post explains why it’s there, the caveats and how to handle those.
The team at Lyft (Uber rival) looks back at their Envoy announcement, a L7 proxy and communication bus (also known as a “service mesh”, like linkerd). Nice bit of history & future plans for the project.
Grsecurity offered kernel hardening & security guarantees, but is now stopping the support of their open source project. It’ll continue to operate, but in a closed source way only, unless the community keeps up maintenance. Funny how the parent company is still named “Open Source Security Inc.“.
Lots of points here from the author on what proper configurations can achieve vs. containers, and how the benefit of strong configs outweigh some of the downsides of those containers.
It’s sometimes impossible to answer what’s consuming resources like CPU, IO, & memory in a complex software such as a database. This ebook explains how a specialization of ordinary linear regression answers seemingly unsolvable database questions. (Sponsored)
Tools & Projects
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
A set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as you expect.
JMAP is intended to be a new standard for email clients to connect to mail stores. It therefore intends to primarily replace IMAP + SMTP submission. It is also designed to be more generic such that it can be extended with contacts, calendars in the future (replacing CardDAV/CalDAV). It does not replace MTA-to-MTA SMTP transmission.
The first stable release of linkerd, a dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable.
This tool offers mustache templates for Bash, allowing you to more easily template scripts & content in Bash.
Postal is a complete and fully featured mail server for use by websites & web servers. Think Sendgrid, Mailgun or Postmark but open source and ready for you to run on your own servers.
This new release brings support for TLSv1.3 and a convenient feature where logging signals sent to nginx now also log the PID of the process which sent the signal.
Linux Malware Detect (LMD) is a malware scanner for Linux is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems.
Multi-master is an extension and set of patches to a Postgres database, that turns Postgres into a synchronous shared-nothing cluster to provide OLTP scalability and high availability with automatic disaster recovery.
OctoDNS provides a set of tools & patterns that make it easy to manage your DNS records across multiple providers. The resulting config can live in a repository and be deployed just like the rest of your code, maintaining a clear history and using your existing review & workflow.
Highlight insecure SSL/TLS cipher suites and protocols as errors in your editor.
Guides & Tutorials
This post explains why reproducible builds are important and goes on to show how to make it happen, using rclone (CLI sync tool) as an example. There’s some Linux, Docker & Go in this post for everyone.
Some practical tips for trying to better understand & use the vim editor, like making it the default editor in your terminal, learning the different modes & quick shortcuts for easy navigation.
RHEL7 (and thus, CentOS 7) has been out for a while now. This post provides lots of links to further explore cgroups, to further separate CPU/memory/network/disk resources in namespaces.
This guide gets you started running your own Mastodon instance on a Digital Ocean VM, but it’ll work on pretty much any Linux provider & flavor.
A deep-dive into the features of the TCP and UDP load balancer in Nginx, covering hash algoritms, failovers, weighted load balancing, handling timeouts, performing health checks, etc.
Not everything is namespaced in the kernel, this post shows which 2 objects aren’t. No tl;dr here, click through to find out! 😉
MySQL comes with a handy little diagnostic tool called mysqlslap that’s been around since version 5.1.4. It’s a benchmarking tool that can help DBAs and developers load test their database servers. This post gives you the steps to use it.
This video only takes 35 seconds and I won’t spoil the answer. Go view. 🙂